47364ef84522d1700681b412ddfeb1f5[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

47364ef84522d1700681b412ddfeb1f5.bin
Size

869KB
MD5

47364ef84522d1700681b412ddfeb1f5
SHA1

06d5c0b25606aeb3d3c1a16ca85bc34fbabeb2a6
SHA256

e1bd5cb0ae40fcc5878d18e326343259abe53aafdb553e0d0d1399f0f3cc14e8
SHA512

501337af349d293cd2bfcf1fa44913601cd61ecf0275eecc381e0daf7c32a9f606738f0c723b31b5f99a148c072ababd0c16379517a8c7b3814546a78fa06f63
SSDEEP

12288:SvkrmD6wLY6PRgoy6Ucr4BrkVY9Y+EgAMzNS+8dNQURn1SqgUlWRR9aex8LX5wua:cZ1LY6PRgbokBr+YflOQyUKex8LVcU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47364ef84522d1700681b412ddfeb1f5.bin

Files

47364ef84522d1700681b412ddfeb1f5.bin
.exe windows:5 windows x86 arch:x86

45259947ce749c86319c27a0984a8a66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateScalableFontResourceW
GetTextCharsetInfo
CombineRgn
EndPath
EngQueryLocalTime
GdiAlphaBlend
DdEntry16
GdiEntry14
GetGraphicsMode
GdiFlush
SelectClipPath
DdEntry5
GetStockObject
RectVisible
GetKerningPairsA
GdiIsMetaPrintDC
AddFontResourceExW
DdEntry55
GetTextExtentExPointW
CheckColorsInGamut
DdEntry24
PolyBezier
GdiConvertBitmap
PATHOBJ_vEnumStart
GetPolyFillMode
GdiDescribePixelFormat
SetBkMode
EngGetCurrentCodePage
GdiConvertBrush
CreateICA
GetRasterizerCaps
GetTextExtentPoint32W
GetClipRgn
EngCreateClip
EngCopyBits
GdiReleaseLocalDC
GdiConvertToDevmodeW
GdiDeleteSpoolFileHandle
GdiEntry16
EnumFontFamiliesExA
PolyTextOutA
EngBitBlt
CreateColorSpaceW
GdiConsoleTextOut
GetCharWidthW
DdEntry46
SetICMMode
IntersectClipRect
EndPage
GdiPlayPageEMF
GetObjectW
RemoveFontResourceA
SelectBrushLocal
GetDIBColorTable
SetWindowExtEx
GetEnhMetaFilePaletteEntries
UnloadNetworkFonts
DdEntry43
DdEntry45
GetGlyphIndicesW
SetBitmapAttributes
DdEntry22
GdiEntry1
EngCreateDeviceSurface
GdiInitSpool
CreatePatternBrush
SetColorSpace
GdiCleanCacheDC

kernel32

WriteTapemark
_llseek
VDMConsoleOperation
GetCurrentProcessId
RemoveLocalAlternateComputerNameW
LeaveCriticalSection
LZCreateFileW
LoadLibraryA
GetSystemTimeAsFileTime
WriteFile
VirtualUnlock
VDMOperationStarted
GetNumberFormatW
AddRefActCtx
GetCurrentActCtx
_lopen
TransactNamedPipe
QueryInformationJobObject
SetDefaultCommConfigA
AddConsoleAliasW
RequestWakeupLatency
ProcessIdToSessionId
SetConsoleCursorMode
GetVDMCurrentDirectories
HeapCreate
GetStringTypeExW
InterlockedDecrement
DeleteTimerQueueEx
GetConsoleInputWaitHandle
VirtualAlloc
PostQueuedCompletionStatus
OpenEventA
GetEnvironmentStringsW
ExitProcess
GetACP
CreateJobObjectW
GlobalGetAtomNameW
FindActCtxSectionStringA
SetConsoleCursorPosition
HeapSummary
CreateSemaphoreA
SetThreadPriorityBoost
GetThreadSelectorEntry
EscapeCommFunction
VerSetConditionMask
ReadFileScatter
GetFileAttributesW
FreeLibraryAndExitThread
OpenJobObjectA
_lclose
SetConsoleWindowInfo
ReadConsoleOutputAttribute
GetOEMCP
OutputDebugStringA
FreeResource
EnumDateFormatsW
ReplaceFileA
GetProfileSectionA
FindNextVolumeA
Heap32ListNext

mapi32

HrComposeEID@28
FtgRegisterIdleRoutine@20
WrapProgress@20
UlAddRef@4
__ValidateParameters@8
ScDupPropset@16
OpenStreamOnFile@24
EncodeID@12
UNKOBJ_ScSzFromIdsAlloc@20
MAPIFindNext
UNKOBJ_ScCOAllocate@12
MAPIInitialize@4
RTFSync@12
HrAddColumnsEx@20
MAPIFreeBuffer@4
WrapCompressedRTFStream@12
ScLocalPathFromUNC@12
MAPISendMail
SzFindCh@8
cmc_read
ScCountNotifications@12
MAPIAllocateMore@12
FreeProws@4
cmc_act_on
MAPILogoff
SetAttribIMsgOnIStg@16
HrDecomposeMsgID@24
LPropCompareProp@8
FBadRowSet@4
FBadRglpszA@8
GetOutlookVersion
OpenTnefStream
cmc_send
FreePadrlist@4
BMAPIAddress
FBadRow@4

ntdll

ZwSaveKey
NtStopProfile
NtQuerySymbolicLinkObject
RtlInitUnicodeStringEx
NtOpenProcess
ZwCreateJobObject
towupper
RtlDeactivateActivationContext
ZwListenPort
vsprintf
RtlAddAttributeActionToRXact
_ultoa
RtlRealPredecessor
RtlQuerySecurityObject
NtReleaseSemaphore
RtlLookupElementGenericTableAvl
NtShutdownSystem
RtlFindCharInUnicodeString
RtlSetDaclSecurityDescriptor
RtlIsValidIndexHandle
NtImpersonateAnonymousToken
CsrGetProcessId
vDbgPrintExWithPrefix
RtlRegisterSecureMemoryCacheCallback
RtlTraceDatabaseCreate
NtQueryVirtualMemory
RtlSetLastWin32Error
_wcsnicmp
NtTestAlert

mfcsubs

??ACStringArray@@QBE?AVCString@@H@Z
??0CString@@QAE@PBE@Z
?Compare@CString@@QBEHPBG@Z
??H@YG?AVCString@@DABV0@@Z
??P@YG_NABVCString@@PBG@Z
??YCString@@QAEABV0@D@Z
??0CString@@QAE@PBG@Z
?RemoveAll@CStringArray@@QAEXXZ
?SetSize@CStringArray@@QAEXHH@Z
?Mid@CString@@QBE?AV1@HH@Z
?Unlock@CSyncObject@@UAEHJPAJ@Z
?GetAllocLength@CString@@QBEHXZ
??ACMapStringToPtr@@QAEAAPAXPBG@Z
?Copy@CStringArray@@QAEXABV1@@Z
?SetAt@CString@@QAEXHG@Z
?ReverseFind@CString@@QBEHG@Z
?GetLength@CString@@QBEHXZ
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?FreeExtra@CString@@QAEXXZ
?InsertAt@CStringArray@@QAEXHPBGH@Z
?data@CPlex@@QAEPAXXZ
??N@YG_NABVCString@@0@Z
??8@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBGH@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??ACStringArray@@QAEAAVCString@@H@Z

esent

JetSetColumn
JetCloseTable
JetBeginSession
JetRollback
JetDeleteIndex
JetDefragment
JetSetIndexRange
JetRestoreInstance
JetMove@16
JetSetCurrentIndex4
JetAttachDatabase
JetBeginTransaction@4
JetEnableMultiInstance
JetSnapshotStart
JetGetLock
JetRetrieveColumns
JetGetDatabaseInfo
JetOSSnapshotPrepare
JetBeginExternalBackup
JetCreateInstance2
JetCreateTable
JetCloseTable@8
JetTerm@4
JetCompact
JetGetAttachInfoInstance
JetGetSecondaryIndexBookmark
JetDeleteColumn2
JetOpenFile
JetCreateDatabase
JetGetTableColumnInfo
JetCloseDatabase
JetCloseFile
JetReadFile
JetMakeKey
JetInit
JetCommitTransaction@8
JetPrepareUpdate
JetRetrieveTaggedColumnList
JetGetRecordPosition
JetCreateDatabase2
JetBeginExternalBackupInstance
JetInit2
JetOpenTempTable
JetRenameColumn
JetOSSnapshotThaw

opengl32

glTexCoord3d
glColor3ui
glIndexsv
glMapGrid2f
glEvalCoord2d
glDisable
glPixelMapfv
glFrontFace
glTexImage2D
glLoadName
glTexEnviv
glMapGrid1d
glTexCoord4d
glVertex3i
glRasterPos4f
GlmfEndPlayback
glPixelStoref
glVertex3sv
glTexCoord4iv
glVertex2sv
glRasterPos2i
glEnable
wglCopyContext
glNormalPointer
glRectf
glStencilFunc

cfgmgr32

CM_Get_Next_Res_Des_Ex
CM_Register_Device_InterfaceW
CM_Run_Detection_Ex
CM_Run_Detection
CM_Get_Sibling_Ex
CM_Create_DevNodeW
CM_Get_Device_ID_ExW
CM_Move_DevNode
CM_Open_Class_KeyW
CM_Get_HW_Prof_FlagsA
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Device_Interface_List_Size_ExW
CM_Get_Next_Log_Conf_Ex
CM_Get_Device_ID_ExA
CM_Set_HW_Prof
CM_Get_First_Log_Conf
CM_Free_Range_List
CM_Get_Child
CM_Get_Device_IDW
CM_Get_Device_Interface_ListA
CM_Reenumerate_DevNode_Ex
CM_Add_ID_ExW
CM_First_Range
CM_Get_Class_Key_Name_ExW
CM_Get_HW_Prof_FlagsW
CM_Register_Device_Driver
CM_Set_HW_Prof_Ex
CM_Enumerate_EnumeratorsW
CM_Free_Log_Conf_Handle
CM_Set_HW_Prof_Flags_ExW

cmutil

?Write@CmLogFile@@AAEJPAG@Z
?GetRegPath@CIniA@@QBEPBDXZ
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetRegPath@CIniW@@QAEXPBG@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
CmLoadStringW
?GetFile@CIniA@@QBEPBDXZ
CmStrCpyAllocW
CmStrCatAllocW
CmIsSpaceW
?CloseFile@CmLogFile@@AAEJXZ
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?Init@CRandom@@QAEXK@Z
?SetSection@CIniA@@QAEXPBD@Z
?GPPI@CIniW@@QBEKPBG0K@Z
CmStrrchrW
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmFmtMsgW
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
??1CIniW@@QAE@XZ
CmStrchrA
??4CmLogFile@@QAEAAV0@ABV0@@Z
?WPPB@CIniA@@QAEXPBD0H@Z
CmRealloc
?GPPS@CIniW@@QBEPAGPBG00@Z
?SetEntry@CIniA@@QAEXPBD@Z
?SetEntry@CIniW@@QAEXPBG@Z
CmFree
CmLoadSmallIconA

msctfp

DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45259947ce749c86319c27a0984a8a66

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

mapi32

ntdll

mfcsubs

esent

opengl32

cfgmgr32

cmutil

msctfp

Sections

.text Size: 353KB - Virtual size: 353KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 321KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 353KB - Virtual size: 353KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 321KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B